SECURED ACCESS DEVICE WITH CHIP CARD APPLICATIONS

Field of the Invention 

The present invention relates to a secured access device
for chip card applications.

More specifically, the invention relates to a device for
secured access to chip card applications that uses, in
particular, instructions that have been performed in the
chip card which, at each instant, provide information on
rights for accessing the memory of the chip card, the
software component or the hardware operation that has been
performed in the chip card.



Background of the Invention

The most common type of chip card has a microprocessor
that manages a program memory. The program memory is
usually dedicated to a single application or a set of
applications loaded at the same time into the chip card.
When several applications are loaded into a chip card,
they have a close relationship with one another and are
all designed for one and the same type of service. Thus,
for example, a chip card cannot simultaneously play the
role of a bank card and that of a customer loyalty card
for another type of business.

In order to end this situation where each chip card has to
be limited to one type of application, new software
architectures are being considered. These new software
architectures are making use of the development of
standardized programming languages which resolve the
problems of portability, such as the programming language
JAVA, for example.

Figure 1 is a simplified view of a software architecture
of the chip cards that are now being developed. The
architecture shown in Figure 1 includes, in particular, a
first part 110 that corresponds to what is called the
software architecture of a chip card 100 and a second part
120 that corresponds to what is called the applications
part of the software architecture for the chip card 100.
The system part 110 of the chip card is essentially formed
by a library of programs 112 for the chip card operating
system, an interface 114 to manage the interactions with
the microprocessor or the different memories of the chip
card, and a space for the management of hardware
interruptions 116.

The applications part 120 of the software architecture
includes different applications, such as a first, second
and third main application, respectively 122, 124 and 126,
and a first, second and third additional application,
respectively 121, 123 and 125.

The main applications 122, 124 and 126 are written in a
programming language that can be directly understood by
the processor of the chip card.



The additional applications 121, 123 and 125 
are typically applications encoded in a standardized 
language. These applications may be added at any point 
in time to the system part 110 in an applications part 
120 of the software architecture described. In Figure
1, the additional applications 121, 123 and 125 depend 
directly on the first main application 122. The first 
main application 122 herein serves as an interpreter 
between the additional applications and the operating 
system by converting the codes of the additional 
applications into a machine language that can be 
understood by the programs of the operating system 112. 

The device with secured access to applications of a chip
card according to the invention comes into play in an
architecture of this type.

The software architecture that has just been described is
more complex than the one currently existing in chip cards
in circulation. The architecture described assumes that it
is possible to add applications in a standardized
programming language, possibly after the chip card is put
into circulation. It is therefore more complicated to
achieve a satisfactory level of security compared to when
a single application or a group of applications dedicated
to a single chip card function are the only applications
to be loaded once and for all into the chip card. The chip
card was then permanently limited in terms of available
applications. The risk that a new application might
disturb the operation of previous applications was
therefore not as great.

The coexistence of applications of different kinds in one
and the same chip card may raise a certain number of
problems. For example, a software architecture
simultaneously containing an application dedicated to the
assessment of a customer's access to a gasoline company
and a standard banking application must ensure that a
secret key used in the banking application cannot be read
during the use of the application associated with the
gasoline company.

Summary of the Invention

It is an object of the present invention to overcome the
problems that have just been described. A device is
provided that enables the management of different software
applications that are installed, possibly at different
times, or the management of different hardware events of a
chip card while providing for high security. Thus, the
device according to the invention offers the possibility
of detection when the user of an application tries to
exceed his rights, for example, by attempting to access
data not intended for the application in question.

To achieve this objective, the device sets up specific
instructions internal to the microprocessor of the chip
card. These specific instructions are call instructions
(DCALL) and return instructions (DRETURN). These call and
return instructions are associated according to the
invention with specific registers for determining whether
the operations performed by the application during
execution in the chip card are authorized or not
authorized.

The invention therefore pertains to a device for accessing
applications of a chip card comprising a microprocessor
associated with an operating system working with a set of
instructions, a program memory, and one or more
applications in a memory of the chip card. The device
comprises a register of the microprocessor to store a
code, on several check bits, proper to an entity brought
into play. Also included are a call instruction and an
instruction for the return of the set of instructions to
instantaneously and automatically update the register
during the action by a new entity. The device further
includes a checking device for the checking, as a function
of the check bits, whether access to the zones or address
location of the memory of the chip card by the new entity
that is called or comes into action in the chip card is
authorized. A first link transmits the check bits from the
microprocessor to the checking device.

According to a particular embodiment of the device of the
invention, each new entity being executed is activated at
a predefined address of a read only memory (ROM) of the
chip card.

According to different embodiments of the invention, the
entity operating in the chip card may be an application of
the one or more applications or a hardware event, or again
the operating system associated with the microprocessor of
the chip card.

Brief Description of the Drawings

The various aspects and advantages of the invention shall
appear more clearly in the following description made with
reference to the appended figures which are given purely
by way of an indication and in no way restrict the scope
of the invention, and which are now introduced:

Figure 1, already described, is a simplified block diagram
of a software architecture for the chip cards currently
being developed, according to the prior art; and

Figure 2 is a block diagram illustrating the principle of
operation for the execution of an application within a
chip card according to the present invention.

Detailed Description of the Preferred Embodiments

A microprocessor 200 of a chip card 100 manages the set of
operations for a plurality of applications 210 of the chip
card 100.
A two-way bus 250 exchanges information between the
microprocessor 200 and any application of the plurality of
applications 210-212. The information exchanged may be
data elements, addresses or control instructions. An
access controller providing access to the memory 220
exchanges information with the microprocessor 200 using a
link 230, which conveys a signal, called a control signal,
between the microprocessor 200 and the controller
providing access to the memory 220.

When an entity such as the application 211 requires the
intervention of another entity, such as an application
212, it sends a call instruction DCALL using the two-way
bus 250 followed by a designation of the entity called and
a parameter enabling the nature of the call to be
determined. According to the invention, a register R is
updated during such calls. A certain number of bits of the
register R then assume a value associated with the called
entity. The register R is therefore a hardware component
of the microprocessor 200 used to store a code proper to
the entity of the software architecture that is being
performed, and to control its field of execution.

Furthermore, the device according to the invention may
also take into account instructions known as hardware
instructions, such as resetting type instructions.
Instructions known as hardware instructions are events
that may occur in real time on a chip card and generate
interruptions in the microprocessors of the chip cards.
This type of event is managed by the device according to
the invention in the same way as the software
instructions. The bits of the register R take a very
precise value appropriate to each real-time event
affecting the chip cards, thus limiting and controlling
the rights pertaining to these events.

The information given by the register R is thus capable of
checking a piece of information on the identification of
the zone of the software architecture concerned by the
application being executed. This information is checked at
the microprocessor or at any other entity external to the
software architecture.

The information given by the register R enables the
checking of the zone of the memory of the chip card in
which the application is entitled to come into action,
namely the memory space that is permitted to be accessed.
Thus, any user attempting to make fraudulent use of the
operating system in order to recover data pertaining to a
particular application is refused access to this data. The
bits of the state register in this case are different from
the bits that might correspond to a call instruction DCALL
of the particular application in question.

The addresses sought to be accessed and the bits of the
register R sent by the microprocessor via link 230 are
compared with each other in the access controller of
access to the memory 220. If the addresses of the memory
sought to be accessed are not addresses belonging to the
authorized field of the last application having performed
a call instruction DCALL, then a piece of information on
illegal access prohibits access to the memory.

The device according to the invention thus provides great
security in the sense that data elements intended for one
application cannot be used by another application.

A second register CS makes it possible to retain in memory
a code proper to the applications that were active at the
last call instruction DCALL sent by the current
application, namely those that are to be performed
following the current application.

When the current application has completed execution, a
return instruction DRET is executed by the microprocessor
and the data elements contained in the second register CS
enable a return to the application that was being
performed previously and had been activated by a call
instruction DCALL. The register R is also updated.

The second register CS cannot be directly accessed by the
applications of the chip card. This is in order to ensure
the integrity of the device when it is put into operation
during the execution of a return instruction DRET.

When the execution of the current application is finished,
the bits of the register R assume a value specific to the
application that was being performed previously, restoring
its rights and limits in terms of memory access.
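
The DCALL/DRET mechanism described above, modelled in C as an added example that is not code from the patent. The entity codes, the zone addresses and the stack form of the register CS are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed entity codes and memory zones; the patent gives no values. */
enum { ENT_OS = 0, ENT_BANK = 1, ENT_LOYALTY = 2, ENT_RESET_IRQ = 3, ENT_COUNT };
typedef struct { uint16_t base, end; } zone_t;   /* authorized field: [base, end) */

static const zone_t ZONES[ENT_COUNT] = {
    [ENT_OS]        = {0x0000, 0x0400},
    [ENT_BANK]      = {0x0400, 0x0800},   /* holds the banking secret key */
    [ENT_LOYALTY]   = {0x0800, 0x0C00},
    [ENT_RESET_IRQ] = {0x0000, 0x0040},   /* a hardware event is an entity too */
};

#define CS_DEPTH 8
typedef struct {
    uint8_t R;              /* check bits of the entity now executing */
    uint8_t CS[CS_DEPTH];   /* callers' codes; not reachable through any zone */
    size_t  cs_top;
} cpu_t;

/* DCALL: save the caller's code in CS and load the callee's code into R. */
static int dcall(cpu_t *c, uint8_t callee) {
    if (callee >= ENT_COUNT || c->cs_top == CS_DEPTH) return -1;
    c->CS[c->cs_top++] = c->R;
    c->R = callee;
    return 0;
}

/* DRET: restore the caller's code, and with it the caller's access rights. */
static int dret(cpu_t *c) {
    if (c->cs_top == 0) return -1;        /* nothing to return to */
    c->R = c->CS[--c->cs_top];
    return 0;
}

/* Checking device: compares the address with the zone selected by R. */
static int access_allowed(const cpu_t *c, uint16_t addr) {
    const zone_t *z = &ZONES[c->R];
    return addr >= z->base && addr < z->end;
}

/* Constructed scenario: the bank application calls the loyalty application,
   which then tries to read the key at 0x0410. Returns 0 (access refused). */
int loyalty_can_read_bank_key(void) {
    cpu_t c = { .R = ENT_BANK };
    dcall(&c, ENT_LOYALTY);
    return access_allowed(&c, 0x0410);
}
int main(void) { return loyalty_can_read_bank_key(); }
```

The decision depends only on R and the address, so code running as the loyalty application cannot widen its own zone; its rights change only through DCALL and DRET.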

The memory zone access device according to the invention
gives a high level of security in terms of access to the
different zones of the memory for a software architecture
such as the one shown in Figure

THAT WHICH IS CLAIMED IS:

1. A device for access to applications of a
chip card comprising a microprocessor associated with
an operating system working with a set of instructions,
a program memory and a battery of applications in a
memory of the chip card, wherein the device comprises:

- a register of the microprocessor to store a
code, on several check bits, proper to an entity
brought into play,

- a call instruction and an instruction for
the return of the set of instructions to
instantaneously and automatically update the register
during the action by a new entity,

- a checking device for the checking, as a
function of the check bits, of the authorized nature of
the access to the zones of the memory of the chip card
by the new entity that is called or takes action in the
chip card,

- a first link to transmit the check bits
from the microprocessor to the checking device.

2. A device for access to applications of a 
chip card according to claim 1, comprising a second 
register to store a code proper to the applications 
active at the time of the last call instruction sent. 

3. A device for access to applications of a
chip card according to one of the claims 1 or 2,
wherein the entity that is called or takes action in
the chip card is an application of the battery of
applications.

4. A device for access to applications of a 
chip card according to one of the claims 1 or 2, 
wherein the entity is a hardware event. 
SECURED ACCESS DEVICE WITH CHIP CARD APPLICATIONS

Abstract of the Disclosure 

A device for secured access to applications of a chip card
executes instructions that provide information, at each
point in time, on the rights for accessing the chip card
with respect to a software component or a hardware action
performed in the chip card. For each new software
component and at each new hardware action, a register of
the microprocessor of the chip card stores a specific code
for checking the authorized nature of the operations of
access to the memory of the chip card that are performed
by the new software component or hardware action.

Figure 2



